Malicious programmers are constantly attempting to exploit computing systems by creating malicious software programs (malware) such as viruses, worms, and Trojan horses. In some situations, malicious programmers may attempt to compromise a user's local area network (LAN) router by creating a malicious script embedded in a webpage visited by the user that causes the user's computing device to alter or modify one or more settings of the user's router.
For example, a malicious programmer may gain access to a user's LAN router by embedding a script within a webpage visited by the user that causes the user's computing device to: 1) connect to the user's router (a fairly straightforward approach given the finite number of IP addresses commonly allotted to LAN routers), and then 2) attempt to gain administrative access to the router. Because consumer-grade routers often work with their default settings, consumers commonly fail to change the default administrative passwords on such routers. Even when the default password has been changed, malicious scripts may quickly guess administrative passwords using dictionary attacks since most consumer-grade routers do not introduce timing penalties for incorrect login attempts.
Once administrative access is granted, the malicious script may alter or modify many, if not all, of the router's settings. For example, the malicious script may specify a DNS server under the control of a malicious programmer in place of a legitimate DNS server, such as a server suggested by an upstream node (such as an Internet Service Provider). In this example, all subsequent domain-name resolutions will be controlled through the malicious server. Such an attack, sometimes referred to as “drive-by pharming,” is oftentimes difficult to detect because it occurs outside the home or small office and outside of the Internet.
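One way to detect the DNS change described above from a router's administrative log, as an added example that is not part of the original text. The log format, the event names (`login`, `dns-set`), and the expected resolver addresses are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumed values: resolvers suggested by the upstream ISP, and what counts as guessing.
EXPECTED_DNS = {"203.0.113.53", "203.0.113.54"}
BURST = 5                        # this many failed logins ...
WINDOW = timedelta(seconds=10)   # ... inside this window, then a success

# Constructed sample log; the line format is hypothetical, not any vendor's.
SAMPLE_LOG = """\
2024-05-01T10:00:00 login src=192.168.1.23 result=fail
2024-05-01T10:00:01 login src=192.168.1.23 result=fail
2024-05-01T10:00:01 login src=192.168.1.23 result=fail
2024-05-01T10:00:02 login src=192.168.1.23 result=fail
2024-05-01T10:00:02 login src=192.168.1.23 result=fail
2024-05-01T10:00:03 login src=192.168.1.23 result=ok
2024-05-01T10:00:04 dns-set src=192.168.1.23 server=198.51.100.7
2024-05-01T11:30:00 login src=192.168.1.40 result=ok
2024-05-01T11:30:20 dns-set src=192.168.1.40 server=203.0.113.53
"""

def parse(line):
    """Split 'timestamp event key=value ...' into (datetime, event, fields)."""
    ts, event, *pairs = line.split()
    return datetime.fromisoformat(ts), event, dict(p.split("=", 1) for p in pairs)

def detect(log_text, expected_dns=EXPECTED_DNS):
    """Alert on every DNS change to a resolver outside expected_dns."""
    fails, guessed, alerts = {}, set(), []
    for line in filter(str.strip, log_text.splitlines()):
        ts, event, f = parse(line)
        src = f["src"]
        if event == "login":
            recent = [t for t in fails.get(src, []) if ts - t <= WINDOW]
            if f["result"] == "fail":
                fails[src] = recent + [ts]
            else:  # success: remember whether it followed a burst of failures
                fails.pop(src, None)
                (guessed.add if len(recent) >= BURST else guessed.discard)(src)
        elif event == "dns-set" and f["server"] not in expected_dns:
            # A default password needs no guessing, so the change alone alerts.
            alerts.append({"time": ts.isoformat(), "src": src,
                           "server": f["server"],
                           "after_password_guessing": src in guessed})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The alert fires on any change to an unexpected resolver; the `after_password_guessing` flag only raises its priority when the change follows a rapid run of failed logins from the same LAN host.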